When I'm trying to monitor the traffic via Monitor tab on Palo Alto, i can see insufficient-data under Apllication tab(usin tcp protocol) and probe-skype(using udp protocol).
Who can explain me what means that two applications?I need more info about them.
Hello TigranGevorgyan ,
Insufficient data means that there was not enough data to identify the application. So for example, if the 3-way TCP handshake completed and there was one data packet after the handshake, but that one data packet was not enough to match any of our signatures, then you would see insufficient data in the application field of the traffic log.
If you open the traffic logs and analyze it in details, you will see the number of packets in each direction (server to client and client to server) will be very less.
Secondly, the skype-probe is an application for controlling the probing behaviour of Skype. It is working on a UPD protocol with dynamic port.
Hope this helps.
Please refer following document for insufficient-data app.
Refer following doc for SKYPE probe.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!